<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> sctpscan包装说明</h2><p style="text-align: justify;"> SCTPscan是一个工具来扫描SCTP功能的机器。通常，这些电信面向机器携带SS7和SIGTRAN通过IP。使用SCTPscan，你可以找到切入点电信网络。这对做电信核心网络基础设施pentests时特别有用。 SCTP也用于高性能网络（Internet2的）。 </p><p>资料来源：http://www.p1sec.com/corp/research/tool​​s/sctpscan/ <br> <a href="http://www.p1sec.com/corp/research/tools/sctpscan/" variation="deepblue" target="blank">sctpscan首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/sctpscan.git;a=summary" variation="deepblue" target="blank">卡利sctpscan回购</a> </p><ul><li>作者：菲利普·朗格卢瓦</li><li>许可：EGPLv2 </li></ul><h3>包含在sctpscan包工具</h3><h5> sctpscan - SCTP网络扫描用于发现和安全</h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="b9cbd6d6cdf9d2d8d5d0">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sctpscan<br>
SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois.<br>
SCTPscan comes with ABSOLUTELY NO WARRANTY; for details read the LICENSE or COPYING file.<br>
Usage:  sctpscan [options]<br>
Options:<br>
  -p, --port &lt;port&gt;           (default: 10000)<br>
      port specifies the remote port number<br>
  -P, --loc_port &lt;port&gt;           (default: 10000)<br>
      port specifies the local port number<br>
  -l, --loc_host &lt;loc_host&gt;   (default: 127.0.0.1)<br>
      loc_host specifies the local (bind) host for the SCTP<br>
      stream with optional local port number<br>
  -r, --rem_host &lt;rem_host&gt;   (default: 127.0.0.2)<br>
      rem_host specifies the remote (sendto) address for the SCTP<br>
      stream with optional remote port number<br>
  -s  --scan -r aaa[.bbb[.ccc]]<br>
      scan all machines within network<br>
  -m  --map<br>
      map all SCTP ports from 0 to 65535 (portscan)<br>
  -F  --Frequent<br>
      Portscans the frequently used SCTP ports<br>
      Frequent SCTP ports: 1, 7, 9, 20, 21, 22, 80, 100, 128, 179, 260, 250, 443, 1167, 1812, 2097, 2000, 2001, 2010, 2011, 2020, 2021, 2100, 2110, 2120, 2225, 2427, 2477, 2577, 2904, 2905, 2906, 2907, 2908, 2909, 2944, 2945, 3000, 3097, 3565, 3740, 3863, 3864, 3868, 4000, 4739, 4740, 5000, 5001, 5060, 5061, 5090, 5091, 5672, 5675, 6000, 6100, 6110, 6120, 6130, 6140, 6150, 6160, 6170, 6180, 6190, 6529, 6700, 6701, 6702, 6789, 6790, 7000, 7001, 7102, 7103, 7105, 7551, 7626, 7701, 7800, 8000, 8001, 8471, 8787, 9006, 9084, 9899, 9911, 9900, 9901, 9902, 10000, 10001, 11146, 11997, 11998, 11999, 12205, 12235, 13000, 13001, 14000, 14001, 20049, 29118, 29168, 30000, 32905, 32931, 32768<br>
  -a  --autoportscan<br>
      Portscans automatically any host with SCTP aware TCP/IP stack<br>
  -i  --linein<br>
      Receive IP to scan from stdin<br>
  -f  --fuzz<br>
      Fuzz test all the remote protocol stack<br>
  -B  --bothpackets<br>
      Send packets with INIT chunk for one, and SHUTDOWN_ACK for the other<br>
  -b  --both_checksum<br>
      Send both checksum: new crc32 and old legacy-driven adler32<br>
  -C  --crc32<br>
      Calculate checksums with the new crc32<br>
  -A  --adler32<br>
      Calculate checksums with the old adler32<br>
  -Z  --zombie<br>
      Does not collaborate to the SCTP Collaboration platform. No reporting.<br>
  -d  --dummyserver<br>
      Starts a dummy SCTP server on port 10000. You can then try to scan it from another machine.<br>
  -E  --exec &lt;script_name&gt;<br>
      Executes &lt;script_name&gt; each time an open SCTP port is found.<br>
      Execution arguments: &lt;script_name&gt; host_ip sctp_port<br>
  -t  --tcpbridge &lt;listen TCP port&gt;<br>
      Bridges all connection from &lt;listen TCP port&gt; to remote designated SCTP port.<br>
  -S  --streams &lt;number of streams&gt;<br>
      Tries to establish SCTP association with the specified &lt;number of streams&gt; to remote designated SCTP destination.<br>
<br>
Scan port 9999 on 192.168.1.24<br>
./sctpscan -l 192.168.1.2 -r 192.168.1.24 -p 9999<br>
<br>
Scans for availability of SCTP on 172.17.8.* and portscan any host with SCTP stack<br>
./sctpscan -s -l 172.22.1.96 -r 172.17.8<br>
<br>
Scans frequently used ports on 172.17.8.*<br>
./sctpscan -s -F -l 172.22.1.96 -r 172.17.8<br>
<br>
Scans all class-B network for frequent port<br>
./sctpscan -s -F -r 172.22 -l `ifconfig eth0 | grep 'inet addr:' |  cut -d: -f2 | cut -d ' ' -f 1 `<br>
<br>
Simple verification end to end on the local machine:<br>
./sctpscan -d &amp;<br>
./sctpscan -s -l 192.168.1.24 -r 192.168.1 -p 10000<br>
<br>
This tool does NOT work behind most NAT.<br>
That means that most of the routers / firewall don't know how to NAT SCTP packets.<br>
You _need_ to use this tool from a computer having a public IP address (i.e. non-RFC1918)</code><h3> sctpscan用法示例</h3><p> <b><i>扫描（-s）</i></b>在远程网络上经常使用的端口<b><i><b><i>（-F）（-r</i></b> 192.168.1。*）：</i></b> </p><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="5d2f3232291d363c3134">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sctpscan -s -F -r 192.168.1.*<br>
SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois.<br>
Netscanning with Crc32 checksumed packet<br>
Portscanning Frequent Ports on 192.168.1.*.</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
